@jimp ok, thanks I see that now. both the VPN servers are Asus AX-11000 routers, so I guess I'll have to install a pfsense box at one of those locations because I don't see any way to change the CN.

I confirm your solution is so simple and working very well.

I just renew the server certificate, client reconnecte to the server instance and continue to work like before.

Thanks again!

Ditto. I couldn't replicate it on 2.6.0 / 22.01.

Looks like it was fixed by https://redmine.pfsense.org/issues/12172

@viragomann
I believe the problem is related to OpenVPN.
Today the link SSH worked, but I lost it while I was working.
From the log I see

Nov 28 08:41:19 openvpn 46588 MyLoginName/MyRemoteIP:46059 [MyLoginName] Inactivity timeout (--ping-restart), restarting

But I was working both on the pfSense dashboard and on a web panel of the server in DMZ.

.
Then I see many rows of this type, every 5-10 seconds.

Nov 28 08:44:02 openvpn 46588 MyLoginNam/MyRemoteIP:45524 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2210 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Finally I would not want it to be related in some way to the problem I have already reported in this post; after starting the VPN connection, after about a minute I lose the ability to access the internet although I have configured the Outbound.

Fix found, for those interested the solution (I needed) can be seen here:
Link
https://www.linuxserver.io/blog/2017-05-01-how-to-run-pfsense-with-pia-vpn-but-still-use-plex-remote-access

The section which is new that appears to fix the issue is named How to bypass VPN for Plex Server connections to plex.tv

But i'd advise following the entire guide to ensure all settings are correct if you have problems still.

Hope this helps!

@viragomann said in Ip "free outbound" from NordVPN:

Dude, you have to add the rule to the internal interface!!!

Thank you very much, it had escaped me, now everything works perfectly.
You were too kind!

Thanks again

@acloete
Would be worth to mention.

So configure PAT in your p 2 and use an IP which is routed to your site.

@the-rob
Try to get it work with IP first to avoid resolving issues.

If you cannot access the SMB ensure the host does not block it by its own firewall, which is the default behavior.

To troubleshoot you can use the packet capture utility from the Diagnostic menu on pfSense.
Take a capture on the interface facing to the SMB server and check if requests are going out and if responds are coming back properly.

Never mind...

@vinns For the clients the Apple store, Andriod store, etc ...

https://openvpn.net/vpn-client/

@n8lbv

The issue is probably the '5' thing you mentioned.
Dono what that is.
Look here : https://www.pfsense.org/download/

The next important thing is that OpenVPN itself - see here : https://openvpn.net/community-downloads/ went from the 2.4.x series (th ese are NOT pfSense series numbers !!) to the 2.5.1, 2 or 3 version.
And between2.4.x and 2.5.x (OpenVPN !) things changed, some parameters are faced out, some can even do other things. Mixing 2.4.x settings (opvn file) with 2.5.x (2.5.2 is the OpenVPN version on pfSense 2.5.2) can crate issues. The other way around : same thing.
So, using pfSense 2.5.2, things changed.

I'm using a OpenVPN 2.5.x client on the client side, and pfSense 2.5.2, this works just fine.
And yes, I to go to the OpenVPN 2.5.x release info page ( again : here https://openvpn.net/community-downloads/ ) and read the "Overview of changes since OpenVPN 2.4" part.

@hellnation76

I can't think of anything, short of using a managed switch that supports that function.

@felipefonsecabh the bridge between OpenVPN and Local Network works after i enabled these options:
2021-11-18_23-36-29.png
I try to keep the "Redirect IPv4 Gateway" disabled (the address configured as 192.168.1.0/24), but doesn't work.

It's possible to make it works without pass all traffic throught the tunnel?

Thanks a lot!